Cyber Resilience

CVE-2025-67230

High

Published: 23 January 2026

Published
23 January 2026
Modified
29 January 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0002 5.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67230 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Todesktop Builder. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 5.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-67230 is an improper permissions vulnerability (CWE-276) affecting the handler for the Custom URL Scheme in ToDesktop Builder version 0.33.0. Published on 2026-01-23, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). The issue stems from insufficient validation, enabling attackers with renderer-context access to invoke external protocol handlers.

Exploitation requires low privileges (PR:L) and renderer-context access, occurring over the network (AV:N) but demanding high attack complexity (AC:H) and user interaction (UI:R). Successful attacks can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U).

Mitigation guidance appears in ToDesktop's security advisory TDSA-2025-002 at https://www.todesktop.com/security/advisories/TDSA-2025-002 and changelog at https://www.todesktop.com/changelog.

EU & UK References

Vulnerability details

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Vulnerability in custom URL scheme handler directly enables exploitation for client execution via malicious protocol invocation from renderer context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-67229Same product: Todesktop Builder
CVE-2025-30465Shared CWE-276
CVE-2025-27677Shared CWE-276
CVE-2025-21532Shared CWE-276
CVE-2024-56525Shared CWE-276
CVE-2025-24176Shared CWE-276
CVE-2025-1789Shared CWE-276
CVE-2025-27682Shared CWE-276
CVE-2026-6823Shared CWE-276
CVE-2026-24063Shared CWE-276

Affected Assets

todesktop
builder
≤ 0.33.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access permissions on the custom URL scheme handler to block unauthorized external protocol invocations from renderer context.

prevent

Requires validation of all inputs to the custom URL scheme handler, directly addressing the insufficient validation flaw.

prevent

Restricts renderer-context privileges so that external protocol handlers cannot be invoked beyond the minimum necessary permissions.

References